EV Observe - Configure Azure AD as a SAML Identity Provider

Last modified on 2024/04/02 16:49


   Microsoft Azure is constantly evolving. As such, some of the screens shown in the procedures below may be different from the ones in the final interface.

SAML (Security Assertion Markup Language) is used to enable single sign-on (SSO) between an identity provider (IDP) and a service provider.

This procedure enables SAML 2.0 authentication between EV Observe (the service provider) and the Azure AD platform (the identity provider). Once Azure AD has authenticated a user, that user is logged in to EV Observe with their Azure AD account.

Notes

  • Only administrators can configure SAML authentication for Azure AD.

Prerequisites

Procedure: How to configure SAML authentication

Step 1: Retrieve information on your service provider, EV Observe


Note: You must be authorized to access the Administration menu.

1. Go to the Web app.

2. Select Administration > Integration > SAML in the menu.

3. (optional) Modify the default name of the SAML authentication.


4. Click Export XML to save the metadata file on your workstation. You will need this file to register EV Observe on the Azure AD platform (step 2).

Step 2: Register your service provider, EV Observe, on the Azure AD platform (identity provider)

Step 2.a: Access the Azure portal

1. Log in to the Azure portal using your Azure account.

2. (optional) Select the relevant environment if you have multiple tenants.
 

Step 2.b: Register a new enterprise application on the Azure portal and retrieve the ID

1. Search for the Enterprise Applications service in the list of Azure services or click the link below to access the service directly.
         Microsoft Azure: Enterprise Applications

The list of enterprise applications previously registered on the Azure portal will appear.

2. Click + New application and click + Create your own application.

3. Specify the information required for creating the application.


  • Enter the name of the new application.
  • Select the Integrate any other application you don't find in the gallery option to manually configure new applications not available in the gallery.
  • Click Create.

An overview of the new application will appear.
 

Step 2.c: Enable SAML authentication

1. Select Single sign-on in the left pane and click SAML.


The SAML configuration page will appear.

2. Click Upload metadata file and select the XML file of the EV Observe platform that you saved on your workstation in step 1.


3. Check that the values displayed in the Identifier (Entity ID) and Reply URL (Assertion Consumer Service URL) fields are identical to those in EV Observe.

Note: These are the Entity ID and Assertion Consumer Service URL values from the EV Observe metadata file you exported in step 1.


4. Save the SAML configuration.

  • Click Save.
  • Select No, I'll test later when the message asking if you want to run a test appears.

5. Download the Azure AD federation metadata XML file required for enabling SAML authentication on the EV Observe platform.

  • Go to the SAML Signing Certificate section.
  • Download the Federation Metadata XML file and save it on your workstation.

This metadata file is generated by the identity provider. It contains the configuration information that EV Observe needs to set up SAML authentication in step 3.
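As an added example (not code from EV Observe or Microsoft): a small Python script that parses the two metadata files exchanged in steps 1 and 2.c and performs the Identifier / Reply URL cross-check of step 2.c-3 programmatically. Both metadata documents are constructed samples; the hostnames, tenant GUID and certificate are placeholders.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata", "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample: the shape of the metadata EV Observe exports in step 1 (placeholder host).
SP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://observe.example.com/saml/metadata">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://observe.example.com/saml/acs" index="0"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

# Constructed sample: the shape of the Azure AD federation metadata downloaded in step 2.c
# (all-zero tenant GUID and a placeholder certificate, not real values).
IDP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://sts.windows.net/00000000-0000-0000-0000-000000000000/">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIIC...PLACEHOLDER...</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/saml2"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

def parse_sp_metadata(xml_text):
    """Step 1: the two values EV Observe publishes that Azure must show back unchanged."""
    root = ET.fromstring(xml_text)
    acs = root.find("md:SPSSODescriptor/md:AssertionConsumerService", NS)
    return {"entity_id": root.get("entityID"), "acs_url": acs.get("Location")}

def parse_idp_metadata(xml_text):
    """Step 2.c-5: what EV Observe takes from the Azure AD federation metadata on import."""
    root = ET.fromstring(xml_text)
    desc = root.find("md:IDPSSODescriptor", NS)
    sso = desc.find("md:SingleSignOnService", NS)
    cert = desc.find("md:KeyDescriptor[@use='signing']/ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
    return {"entity_id": root.get("entityID"), "sso_url": sso.get("Location"),
            "signing_cert": cert.text.strip()}

def check_azure_fields(sp, identifier, reply_url):
    """Step 2.c-3: compare what the Azure SAML page shows with the SP metadata.
    The comparison is exact on purpose: a trailing slash or http/https difference
    is enough for the SP to reject the assertion, so every mismatch is reported."""
    expected = {"Identifier (Entity ID)": sp["entity_id"], "Reply URL (ACS URL)": sp["acs_url"]}
    shown = {"Identifier (Entity ID)": identifier, "Reply URL (ACS URL)": reply_url}
    return [f"{k}: Azure shows {shown[k]!r}, EV Observe has {v!r}" for k, v in expected.items() if shown[k] != v]
```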
 

Step 3: Configure SAML authentication in EV Observe


1. Return to the Web app.

2. Open the SAML configuration window.


3. Import the metadata file generated by the identity provider.

  • Click Import XML.
  • Select the file you downloaded on your workstation when you registered EV Observe on the identity provider platform in step 2.

4. Make sure the EV Observe login matches the user account known to the identity provider: in the Username attribute field, enter the name of the SAML attribute that carries the user's mail value.

   If no specific claim mapping has been configured on the Azure side, enter the default claim name below.

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress

5. Click Enable SAML Authentication.

6. Configure user access for SAML authentication.

Powered by XWiki © EasyVista 2024